Filtered by vendor Debian Subscriptions
Filtered by product Debian Linux Subscriptions
Total 8864 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-21661 3 Debian, Fedoraproject, Wordpress 3 Debian Linux, Fedora, Wordpress 2024-08-19 8 High
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
CVE-2023-4863 9 Bentley, Debian, Fedoraproject and 6 more 18 Seequent Leapfrog, Debian Linux, Fedora and 15 more 2024-08-19 8.8 High
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
CVE-2023-43804 4 Debian, Fedoraproject, Python and 1 more 12 Debian Linux, Fedora, Urllib3 and 9 more 2024-08-19 5.9 Medium
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
CVE-2023-44487 32 Akka, Amazon, Apache and 29 more 364 Http Server, Opensearch Data Prepper, Apisix and 361 more 2024-08-19 7.5 High
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2022-37601 3 Debian, Redhat, Webpack.js 4 Debian Linux, Logging, Migration Toolkit Applications and 1 more 2024-08-16 9.8 Critical
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.
CVE-2015-6748 3 Debian, Jsoup, Redhat 4 Debian Linux, Jsoup, Jboss Bpms and 1 more 2024-08-16 6.1 Medium
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.
CVE-2023-42755 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2024-08-16 6.5 Medium
A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.
CVE-2023-39417 3 Debian, Postgresql, Redhat 10 Debian Linux, Postgresql, Advanced Cluster Security and 7 more 2024-08-16 7.5 High
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
CVE-2023-4132 4 Debian, Fedoraproject, Linux and 1 more 8 Debian Linux, Fedora, Linux Kernel and 5 more 2024-08-16 5.5 Medium
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.
CVE-2023-4004 5 Debian, Fedoraproject, Linux and 2 more 13 Debian Linux, Fedora, Linux Kernel and 10 more 2024-08-16 7.8 High
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
CVE-2023-3772 4 Debian, Fedoraproject, Linux and 1 more 8 Debian Linux, Fedora, Linux Kernel and 5 more 2024-08-16 5.5 Medium
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.
CVE-2020-28242 4 Asterisk, Debian, Fedoraproject and 1 more 4 Certified Asterisk, Debian Linux, Fedora and 1 more 2024-08-15 6.5 Medium
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
CVE-2009-3723 2 Debian, Sangoma 2 Debian Linux, Asterisk 2024-08-15 7.5 High
asterisk allows calls on prohibited networks
CVE-2020-13965 3 Debian, Fedoraproject, Roundcube 3 Debian Linux, Fedora, Webmail 2024-08-14 6.1 Medium
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
CVE-2023-42916 4 Apple, Debian, Fedoraproject and 1 more 7 Ipados, Iphone Os, Macos and 4 more 2024-08-14 6.5 Medium
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
CVE-2024-1086 5 Debian, Fedoraproject, Linux and 2 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2024-08-14 7.8 High
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
CVE-2023-7101 3 Debian, Fedoraproject, Jmcnamara 3 Debian Linux, Fedora, Spreadsheet\ 2024-08-14 7.8 High
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
CVE-2023-4762 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-08-14 8.8 High
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2023-43770 2 Debian, Roundcube 2 Debian Linux, Webmail 2024-08-14 6.1 Medium
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
CVE-2020-15999 6 Debian, Fedoraproject, Freetype and 3 more 9 Debian Linux, Fedora, Freetype and 6 more 2024-08-12 6.5 Medium
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.